~/services

Areas of Interest

Topics I can contribute through consulting and training

Below are the areas where I can contribute through consulting and training. Each topic can be delivered as consulting or a training session, depending on the need.

Working Areas

[01] DFIR

Digital Forensics & Incident Response

Technical response during and after an incident: scoping, evidence collection, root cause analysis.

  • Windows, Linux, macOS, ESXi forensics
  • Attack chain reconstruction
  • IoC extraction and propagation
  • Executive and technical reporting

[02] SOC

SOC & Incident Response

L1/L2/L3 incident response lifecycle: detection, triage, scoping, containment and escalation.

  • Alert triage and prioritization
  • Scoping and escalation management
  • IR playbook development
  • Case reporting and lessons learned

[03] DETECTION

Detection Engineering

Behavior-based detection content for SIEM, EDR and custom platforms.

  • YARA, Sigma, osquery rule development
  • Splunk SPL / ArcSight rule authoring
  • MITRE ATT&CK coverage analysis
  • False positive reduction

[04] HUNTING

Threat Hunting

Hypothesis-driven proactive hunting to surface stealthy threats.

  • APT TTP modeling
  • Telemetry analysis and hunting queries
  • Findings report and detection conversion
  • Continuous hunting program design

[05] ASSESSMENT

Compromise Assessment

Deep scan of suspect or post-remediation environments for active intrusion and historical traces.

  • Endpoint and network telemetry analysis
  • Retrospective log and telemetry sweep
  • Persistence and exfiltration trace hunting
  • Related adversary infrastructure discovery
  • Executive-summary report delivery

[06] MALWARE

Malware Analysis

Static and dynamic analysis of suspect samples, with a report covering behavior, IoCs and family classification.

  • Static and dynamic analysis
  • Family classification and TTP mapping
  • YARA rule derivation
  • Sandbox and behavior report

[07] PURPLE

Purple Team Exercises

Live testing and improvement of blue team detection capability against red team scenarios.

  • MITRE ATT&CK-based scenario design
  • Atomic Red Team / custom TTP execution
  • Detection gap analysis
  • Closure report and action list

[08] CTI

Threat Intelligence Program

Building sector-specific CTI feeds and translating them into operational action.

  • CTI source and feed design
  • Sector-specific threat profile
  • IoC distribution and lifecycle
  • Regular executive briefings

// engagement

Consulting and Training

I work in two formats: consulting and training, shaped by the request and the need. If you have a specific topic in mind, send a short email and let's talk.

If You're Interested, Let's Talk

Drop a short note describing what you have in mind; we can take it from there together.

Get in Touch →